Hello Dejan,
I hope you are doing well,
1 - I would like to ask you if you have some resources for learning about SOC reports.
2 - Is it worth it if a company works on ISO 27001 controls and the SOC reports at the same time? Does ISO 27001 cover the SOCs?
1 - I would like to ask you if you have some resources for learning about SOC reports.
I am sorry, but our content is developed for ISO 27001. Anyway, this information (from the official site of the American Institute of CPAs) about SOC and ISO 27001 may be interesting for you (see the Excel “Trust Services Map to ISO 27001”): https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/soc2additionalsubjectmatter.html
In the Excel file, there are some points in common between ISO 27001 and SOC, so for these points, you can use our toolkit “ISO 27001 Documentation Toolkit”: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
2 - Is it worth it if a company works on ISO 27001 controls and the SOC reports at the same time? Does ISO 27001 cover the SOCs?
SOC 1 deals with a service organization’s internal controls over financial reporting systems, while SOC II has several common points with ISO 27001:2013: risk management, internal audit, business continuity, access control, etc.
Considering that, ISO 27001, which is an international standard for information security, can be used to implement some of the controls defined by SOC, but they do not have a direct relation; neither one is required to implement the other.
These articles will provide you with further explanation about ISO 27001:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- Where to start from with ISO 27001 https://advisera.com/27001academy/knowledgebase/iso-27001-where-to-start-most-important-materials/
These materials will also help you regarding ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Nov 10, 2020